package jrun.security.authorization;

import java.security.Permission;
import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import javax.management.ObjectInstance;
import jrun.naming.JndiSecurityHelper;
import jrun.security.JRunSecurityContext;
import jrun.security.JRunSecurityException;
import jrun.security.JRunSecurityManager;
import jrun.security.JRunSecurityManagerService;
import jrun.security.SecurityContext;
import jrun.security.SimplePrincipal;
import jrun.security.authorization.spi.AuthorizationItfc;
import jrun.security.authorization.spi.AuthorizationProviderItfc;
import jrunx.kernel.ConfigurableServicePartition;
import jrunx.kernel.ServiceAdapter;
import jrunx.kernel.security.SecurityIdentityItfc;
import jrunx.util.RB;
import jrunx.util.ReadWriteLock;

/* loaded from: input_file:jrun/security/authorization/JRunAuthorizationManager.class */
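/**
 * Service partition that answers authorization questions by consulting the
 * authorization providers registered as its services.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Provider checks are conjunctive: the first provider that refuses a
 *       principal/permission pair denies the request.</li>
 *   <li>NOTE(review): when no provider is registered, the provider check
 *       returns {@code true} (fail-open). Confirm that deployments always
 *       register at least one provider, or that this default is intended.</li>
 *   <li>A run-as principal of type {@code SimplePrincipal.ROLE} whose name matches
 *       {@code JRunSecurityManagerService.GLOBAL_SERVER_ADMIN_ROLE}
 *       (case-insensitively) is granted without consulting any provider.</li>
 * </ul>
 *
 * <p>The shared read lock is always released in a {@code finally} block, so an
 * exception thrown by a provider cannot leave the lock held.
 */
public class JRunAuthorizationManager extends ConfigurableServicePartition implements AuthorizationItfc, JRunAuthorizationManagerMBean {
    // Not referenced anywhere in this class; kept because other code may reach it reflectively.
    private static final HashMap m_providers = new HashMap();
    private static final ReadWriteLock m_lock = new ReadWriteLock();
    // Assigned in start(); stays null until then, and also when the lookup in getSecurityManager() yields null.
    private JRunSecurityManager m_sm = null;

    /**
     * Looks up a registered authorization provider by name.
     *
     * @param str name passed to {@code findObjectInstance}
     * @return the provider, or {@code null} when no object instance is found or
     *         the {@code getJRunService} invocation fails
     */
    @Override // jrun.security.authorization.JRunAuthorizationManagerMBean
    public AuthorizationProviderItfc getAuthorizationProviderByName(String str) {
        ObjectInstance instance;
        m_lock.getReadLock();
        try {
            instance = findObjectInstance(str);
        } finally {
            // Release even if the lookup throws, otherwise the read lock is leaked.
            m_lock.releaseLock();
        }
        if (instance == null) {
            return null;
        }
        try {
            return (AuthorizationProviderItfc) this.server.invoke(instance.getObjectName(), "getJRunService", null, new String[0]);
        } catch (Exception e) {
            // Still best-effort (null result), but a provider that cannot be resolved is
            // worth an operator's attention, so the failure is logged instead of discarded.
            getLogger().logError("JRunAuthorizationManager: lookup of authorization provider '" + str + "' failed: " + e);
            return null;
        }
    }

    /**
     * Asks every registered provider whether {@code principal} holds {@code permission}.
     *
     * @param principal  principal to check
     * @param permission permission being requested
     * @return {@code false} as soon as one provider refuses; {@code true} when every
     *         provider agrees, and also when there are no providers at all
     * @throws JRunSecurityException if a provider's authorization agent throws it
     */
    @Override // jrun.security.authorization.spi.AuthorizationItfc
    public boolean checkAuthorization(Principal principal, Permission permission) throws JRunSecurityException {
        m_lock.getReadLock();
        try {
            Iterator services = getServices();
            while (services.hasNext()) {
                // A service that is not an AuthorizationProviderItfc fails this cast with
                // ClassCastException; only null entries are skipped.
                AuthorizationProviderItfc provider = (AuthorizationProviderItfc) services.next();
                if (provider != null && !provider.getAuthorizationAgent().checkAuthorization(principal, permission)) {
                    return false;
                }
            }
            // NOTE(review): reached with zero providers as well, so an empty provider set grants access.
            return true;
        } finally {
            // Providers may throw; without this the read lock would stay held on the error path.
            m_lock.releaseLock();
        }
    }

    /**
     * Authorizes a security context against {@code permission}. The checks run in
     * order and stop at the first that grants: run-as principal, caller principal,
     * then server identity (only for {@code JRunSecurityContext}).
     *
     * @param securityContext context carrying the principals; {@code null} is denied
     * @param permission      permission being requested
     * @return {@code true} if any of the checks grants access
     * @throws JRunSecurityException if a provider or the identity verification throws it
     */
    public boolean checkAuthorization(SecurityContext securityContext, Permission permission) throws JRunSecurityException {
        if (securityContext == null) {
            // No context means no identity to authorize: deny rather than fail with a NullPointerException.
            return false;
        }
        boolean granted = false;
        SimplePrincipal runAs = securityContext.getRunAsPrincipal();
        if (runAs != null) {
            // The global server admin role short-circuits the provider checks entirely.
            boolean globalAdminRole = runAs.getType().equals(SimplePrincipal.ROLE)
                    && runAs.getName().equalsIgnoreCase(JRunSecurityManagerService.GLOBAL_SERVER_ADMIN_ROLE);
            granted = globalAdminRole || checkAuthorization((Principal) runAs, permission);
        }
        if (!granted) {
            SimplePrincipal caller = securityContext.getCallerPrincipal();
            if (caller != null) {
                granted = checkAuthorization((Principal) caller, permission);
            }
        }
        if (!granted && (securityContext instanceof JRunSecurityContext)) {
            // Last resort: the permission is not consulted here, only the caller's server identity.
            granted = checkServerIdentityAuthorization(((JRunSecurityContext) securityContext).getCallerIdentity());
        }
        return granted;
    }

    /**
     * Resolves the security context for {@code obj} through the security manager
     * and authorizes it against {@code permission}.
     *
     * @param obj        object handed to {@code JRunSecurityManager.getSecurityContext}
     * @param permission permission being requested
     * @return result of {@link #checkAuthorization(SecurityContext, Permission)}
     * @throws JRunSecurityException if the security manager is not available (service
     *         not started, or its lookup returned null) or a check throws it
     */
    public boolean checkAuthorization(Object obj, Permission permission) throws JRunSecurityException {
        JRunSecurityManager securityManager = this.m_sm;
        if (securityManager == null) {
            // Report the missing dependency through the declared exception instead of a NullPointerException.
            throw new JRunSecurityException("JRunAuthorizationManager: security manager is not available");
        }
        return checkAuthorization(securityManager.getSecurityContext(obj), permission);
    }

    /**
     * Starts the partition and caches the security manager used by
     * {@link #checkAuthorization(Object, Permission)}.
     */
    @Override // jrunx.kernel.ConfigurableServicePartition, jrunx.kernel.ServiceAdapter, jrunx.kernel.Service
    public void start() throws Exception {
        super.start();
        this.m_sm = getSecurityManager();
    }

    /**
     * Fetches the {@code JRunSecurityManager} from the security manager service.
     *
     * @return the security manager; may be {@code null}, in which case an error is logged
     * @throws JRunSecurityException wrapping the message of any failure during lookup
     */
    private final JRunSecurityManager getSecurityManager() throws JRunSecurityException {
        try {
            JRunSecurityManager jRunSecurityManager = (JRunSecurityManager) invokeMethod(findObjectInstance(ServiceAdapter.SECURITY_MANAGER, true).getObjectName(), "getJRunSecurityManager", null, null);
            if (jRunSecurityManager == null) {
                getLogger().logError(RB.getString(this, "JRunAuthorizationProvider.LookupFailed", ServiceAdapter.SECURITY_MANAGER));
            }
            return jRunSecurityManager;
        } catch (Exception e) {
            // NOTE(review): only the message survives; the original cause and stack trace are lost.
            // Chain the cause if JRunSecurityException offers a constructor for it — not visible here.
            throw new JRunSecurityException(e.getMessage());
        }
    }

    /**
     * Verifies a caller's server identity against the privileged server identity.
     *
     * @param securityIdentityItfc identity to verify; {@code null} is denied
     * @return result of {@code verifyIdentity}, or {@code false} for a null identity
     */
    private boolean checkServerIdentityAuthorization(SecurityIdentityItfc securityIdentityItfc) throws JRunSecurityException {
        if (securityIdentityItfc == null) {
            return false;
        }
        return JndiSecurityHelper.getServerIdentityPriveleged().verifyIdentity(securityIdentityItfc);
    }
}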
